Pypi
This hub aggregates every CVE we track for Pypi, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 3
- High: 2
- In CISA KEV: 0
Severity distribution
MEDIUM: 3, CRITICAL: 3, HIGH: 2
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 8 most recently published vulnerabilities affecting Pypi.
- CVE-2024-6866: Case-Insensitive Path Matching in corydolphin/flask-cors (score 7.5)
- CVE-2024-6844: Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors (score 5.3)
- CVE-2025-0183: Stored XSS in binary-husky/gpt_academic (score 5.4)
- CVE-2024-6839: Improper Regex Path Matching in corydolphin/flask-cors (score 5.3)
- CVE-2024-6221: Improper Access Control in corydolphin/flask-cors (score 7.5)
- CVE-2022-34501: The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. (score 9.8)
- CVE-2022-34500: The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. (score 9.8)
- CVE-2022-28470: marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. (score 9.8)
Product normalization is registry-driven with AI assist and human review.